CN105959117A - Vehicle-mounted ad hoc network security authentication method based on Cuckoo filter - Google Patents
Vehicle-mounted ad hoc network security authentication method based on Cuckoo filter Download PDFInfo
- Publication number
- CN105959117A CN105959117A CN201610571676.5A CN201610571676A CN105959117A CN 105959117 A CN105959117 A CN 105959117A CN 201610571676 A CN201610571676 A CN 201610571676A CN 105959117 A CN105959117 A CN 105959117A
- Authority
- CN
- China
- Prior art keywords
- signature
- vehicle
- rsu
- message
- group
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
Abstract
The invention discloses a vehicle-mounted ad hoc network security authentication method based on a Cuckoo filter. The method comprises the following two steps: 1) identity authentication between a vehicle and an infrastructure (V2I), wherein the step comprises the following four specific processes: system initialization, initial handshake, message signature and massage authentication; and 2) identity authentication between vehicles (V2V), wherein the step comprises three specific processes: group key generation, group message signature and group massage authentication. The method is realized based on software without depending on any other specific hardware equipment; an unparalleled linear pairing method is adopted in the authentication phase, and the unparalleled linear pairing authentication method is suitable for both V2I and V2V authentication, so that the method has efficient computing power and lower cost; and in the batch certification phase, the Cuckoo filter and the binary search technique are adopted to detect whether signature is effective, so that efficiency of the authentication phase is improved to a great extent.
Description
Technical field
The present invention relates to car connected network communication security fields, be specifically related to a kind of vehicular ad hoc based on Cuckoo filter
Network security certification method.
Background technology
VANETs is the network of a kind of self assembly, the network being made up of the vehicle that is mutually related, and main purpose is for protecting
The safety of card driver and convenience.The function of each car is all equivalent to a router, it is possible to outside by Wireless Telecom Equipment
Boundary's transmission information.A kind of typical VANETs has two kinds of node types, and one is the pre-mobile communications nodes being contained on vehicle, vehicle-mounted
Unit (OBU), two is large scale deployment infrastructure in road on both sides of the road, roadside unit (RSU).
Communication mode in VANETs is divided into two kinds, vehicle and vehicle communication (V2V) and vehicle and infrastructure-based communication
(V2I), the communication of both types by short range wireless communication protocol control, referred to as DSRC (DSRC) agreement.At V2V
Communication in, single unit vehicle, as a router, has corresponding informed source and destination.Therefore,
Big challenge, is the legitimacy of the message that checking is most recently received.In the communication of V2I, can more easily verify message,
Because roadside unit is concentration of local, it can follow the tracks of and participate in receive the message of vehicle, then the disappearing of centralized broadcast vehicle
Breath.
The safety of message exchange plays pivotal role in VANETs.Because the mode of radio communication, opponent couple
It is the most relatively easy that VANETs controls communication channels, and opponent can intercept, revises, message of resetting.Therefore, take action further taking
Before, vehicle or OBU must verify that effectiveness and the integrity of the message received, to prevent opponent from changing or to revise original disappearing
Cease or imitate the message of some vehicles broadcast mistake.Because the telecommunication flow information of these mistakes may make traffic control center do
The decision made mistake, causes the generation of vehicle accident.
In addition, in VANETs, privacy is another major issue in recent years.Car owner may be not intended to others and know his
Itinerary.But opponent by following the tracks of the message that vehicle sends, and then can know the itinerary of car owner.Therefore, in order to
Solving privacy concern, anonymous communication is a need for.Meanwhile, the true identity of vehicle, also should be credible when being necessary
Mechanism can trace back to.Such as, when having crime or accident occurs, it is possible to trace back to malice vehicle and the people of action thereof, and allow
It is punished severely accordingly.
In recent years, the scheme (SPECS) that reinforcement safety communicated with privacy proposes a kind of concentration between vehicle and communicates.
SPECS provides a solution based on software and meets privacy requirements.But this scheme is quickly proved to be permissible
It is hacked.Soon, the weakness in SPECS scheme can be overcome at VANET batch anonymous Identity checking (b-SPECS+), meet
Safety and the demand of privacy.But b-SPECS+ scheme does not the most propose testing for group communication (vehicle and vehicle communication)
Card, and there is no any lifting in terms of checking expense yet.
Summary of the invention
Goal of the invention: it is an object of the invention to solve technical problem present in prior art, it is provided that a kind of based on
The vehicular ad hoc network safety certifying method of Cuckoo filter, the present invention realizes based on software, and it is any special not rely on
Hardware device;Use a kind of based on the scheme without Bilinear Pairing, this checking without Bilinear map in the message authentication stage
Method is applicable not only to V2I, is also applied in the checking of V2V, so having efficient computing capability and relatively low expense cost;
The skill using Cuckoo filter and binary search in message criticizes certification changes the hashed value of notification message, retrieves signature
The most effective so that message overhead significantly reduces, improve the efficiency of Qualify Phase.
Technical scheme: a kind of based on Cuckoo filter the vehicular ad hoc network safety certifying method of the present invention, bag
Containing following steps:
(1) authentication procedures between vehicle and the infrastructure of VANETs based on Cuckoo filter is followed successively by:
System initialization, shake hands for the first time, information signature and message authentication;
(2) authentication procedures between vehicle and the vehicle of VANETs based on Cuckoo filter is followed successively by: group is close
Key generation, group's information signature and group's message authentication.
Further, the system initialization process in described step (1) comprises the following steps:
1) systematic parameter generation phase: TA initializes systematic parameter, calculates system PKI, and TA is trust authority, concrete mistake
Journey is described as follows:
According to given nonsingular elliptic curve (P, p, q, G, E), TA selects a random numberAs system, master is close
Key, and calculate PPub=s P is as system PKI;
2) vehicle true identity and password pre-allocation stage, detailed process is described as follows:
After vehicle first enters into network, TA is each vehicle distribution true identity RID and equipment password PWD;
3) common parameter launch phase: the entity in VANETs obtains public system parameter, it is thus achieved that system PKI;Concrete mistake
Journey is described as follows:
Systematic parameter (P, p, q, E, G, h1,h2,PPub) each entity of being published in network, wherein, two safety are unidirectional
Hash function,Vehicle and RSU can obtain.
Further, in the authentication procedures between described vehicle and infrastructure, it is respectively RSU and vehicle by TA
Between, set up shared secret between TA and vehicle;TA calculates and verification public keyVehicle is that each session makes
The privacy of oneself is protected with different anonymous Identity;The RSU with efficient computing capability is utilized to assist the message authentication of vehicle;
By the hashed value of Cuckoo filter replacement notification message, retrieve signature the most effective;Searched by binary search technology
Invalid signature in batch signature;When disputable occur time, trust authority TA can uniquely trace back to the true identity of vehicle;
The detailed process of described message authentication is followed successively by: RSU receives the signature information of vehicle;RSU verifies current time
Stamp is in the range of transmission delay;Judge whether signature closes by the cryptographic Hash of signature existing in Cuckoo filter and message
Method;RSU checks that PKI and shared key are in storage list;The integrity of RSU certification message and information source.
Further, the detailed process of the information signature of described RSU is as follows:
1) vehicle first calculates assumed name IDi=(IDi1,IDi2), its computing formula is as follows, IDi1=ri·Ppub,Wherein riIt it is a random number;
2) above-mentioned generation ID is utilizedi1And IDi2To message MiSigning, its concrete signature formula is as follows,
Wherein h (.) is safe one-way Hash function, TiThe current time stamp sent for message, after having signed, vehicle Vi
Send (IDi,Mi,σi,Ti)。
Further, the detailed process of the message authentication of described RSU is as follows:
1) RSU receives range of information (IDi,Mi,σi,Ti), i ∈ (1,2,3 ..., n), wherein, IDiIt is hideing of vehicle
Name;MiIt is the vehicle message received, σiIt is the signature of this message, TiIt it is current time stamp;
2) RSU first checks for current time stamp Ti.Assuming that the time T receivedRSU, △ T is predefined acceptable transmission
Postpone, if △ were T >=TRSU-TiSet up, enter next step, be false on the contrary, just signature is directly abandoned;
3) if the data signed in Cuckoo filter, RSU has only to the cryptographic Hash of checking signature and message and is
No in positive and negative filter, i.e. can determine whether to sign the most effectively (detailed process is shown in generation notification message), if now filter
It is empty or has been updated to sky it is necessary to enter next step;
4) RSU needs to go to verify vehicle ViPKI VPKiWith shared key mi, check (the VPK of storagei,mi) meet equationIf equation is set up enters next step, if be false, just signature is stored in negative filtration
In device;
5) RSU randomly chooses vector v={ v1,v2,...vn, v hereiBe one [1,2tLittle Stochastic in the range of],
T is a integer the least, and RSU carries out batch certification to the signature in above-mentioned message, if following batch of certification equation is set up, says
This message bright is complete, and the sender of message is also legal, legal signature is stored in positive filter simultaneously, right
Next step binary search batch processing (detailed process is shown in binary search batch processing) is carried out in illegal signature,
Further, in the message authentication of described RSU, by the hashed value of Cuckoo filter replacement notification message,
Retrieve signature the most effectively (detailed process is shown in generation notification message);Effective and invalid information signature is put into by RSU respectively
Detailed process in positive filter and negative filter is as follows:
1) Cuckoo filter storage signature sigmaiWith message MiCryptographic Hash (fingerprint) f=Fingerprint being mapped to
(x), wherein x=(IDi1||Mi);
2) Cuckoo filter is each data item x by hash scheme, and the index calculating two candidate bucket is as follows:
i1=hash (x) mod M
Wherein M is the barrelage mesh upper limit;
3) if candidate bucket has one to be empty, then fingerprint is stored in free bucket by us.If two candidate bucket are all
Not having space, we can only select a candidate bucket, mobile off-the-shelf item, reinserts candidate bucket to this project, wherein i1
And i2Refer to two candidate bucket respectively.
Further, message criticizes the certification hashed value by Cuckoo filter replacement notification message, and retrieving signature is
The detailed process of no effectively (generation notification message) is as follows:
If vehicle ViWant to verify VjMessage MjIn signature sigmaj, it is necessary first to calculate hash function value f=
Fingerprint (x), wherein x=(IDj||Mj), the index value i of two positions is then obtained according to hash function1And i2, point
Do not go positive filter and negative filter search whether to there is corresponding cryptographic Hash, four kinds of results can be obtained as shown in table 1:
Four kinds of probable values of table 1Cuckoo filter
For first two situation, the result determined can be obtained;For the 3rd kind of situation, VjCryptographic Hash occur in two mistakes
In filter, the most so-called false positive, the method for the present invention is in the range of △ T, occurs that the probability of this situation is almost nil,
So being directly entered authentication;For last a kind of situation, it is meant that in the range of △ T, the most authenticated signature of RSU
σj, so being directly entered the authentication stage.
Further, in the message authentication of described RSU, in a collection of thousands of signature, the most several
Invalid signature, in order to avoid all abandoning, invalid signature that is two point searched in batch signature by binary search technology are searched
The detailed process of rope batch processing is as follows:
1) a collection of signature sigma to be verified1,σ2,...σnThere is n;
2) intermediate point of n signature is found out
3) carry out batch at first half and latter half to verify, in the event of invalid signature, continuing above
Process, repeats binary search.
Further, the generation of the group cipher in described step (2) process comprises the following steps:
1) group's request: vehicle ViInitiate group's request, request message and corresponding signature have been sent to RSU, and ask RSU
Broadcast;
2) group agrees to: any vehicle VjReceive vehicle ViRequest message, whether first check for the assumed name of oneself at it
In, if, then vehicle VjTransmission is receiveed the response Mj={ GPAGR, IDj, and the signature of oneself is sent to RSU;
3) group criticizes after certification: RSU receives above-mentioned signature, and this approval and sign name carries out batch certification;At this point for any vehicle
VxSignature be effective;RSU is the most public and private key of this all living creatures to TA request;This group cipher is encrypted and is sent to RSU by TA;
RSU broadcast and signature information;
4) group sets up: vehicle receives above-mentioned message and signature, after certification is passed through, it is thus achieved that the group private key CGS of self;Group's private key
Shared key is utilized to encrypt, so only member can decipher in group.
Further, during described group cipher generates, the detailed process that group criticizes certification is as follows:
1) RSU is the most public and private key of this all living creatures to TA request;
2) TA chooses random number rr, calculates group cipher CGS=s × rr;TA utilizes mx, generate group PKI GPKx=mxP;
3) TA is encrypted ENC to this group ciphertx(CGS) it is sent to RSU;
4) RSU broadcastAnd sign
Name message
Further, the group's information signature in described step (2) and group's message authentication process comprise the following steps:
1) group's information signature: as vehicle ViWhen sending group's message, needing to sign message, group here disappears
Breath signature is with above-mentioned information signature process;Vehicle ViTo message MiSign, produce signature sigmaiThe most above-mentioned message of particular content
Described in signature process;Vehicle is by message { IDi,ENCCGS(GPKi||IDi),Mi,σiBe broadcasted;
2) group's message authentication: after receiving above-mentioned message, in group, member is to from vehicle ViMessage MiIn signature sigmaiEnter
Row certification;First, vehicle is by judging △ T >=TRSU-TiWhether set up, set up and then carry out next step;Here △ T is system
The acceptable transmission delay set, TRSUFor receiving the vehicle receiver time to message;
3) vehicle passes through group's private key to ENCCGS(GPKi||IDi) be decrypted, it is thus achieved that GPKiAnd IDi, before comparison
The M receivedrDetermine whether member in group;If it is determined that this member is member in group, then message is verified, checking public affairs
Formula is:
σiPpub=IDi1+h2(IDi||Mi||Ti)GPKi。
Beneficial effect: compared with prior art, the invention have the advantages that
(1) present invention is the solution realized based on software, does not relies on any special hardware device, is ensureing group
On the basis of interior member security communication, testing vehicle register authentication function, information completely sexual function can be met.
(2) present invention uses a kind of based on the scheme without Bilinear Pairing in message authentication process, this without Bilinear map
Proof scheme be applicable not only to V2I, be also applied in the checking of V2V, so having efficient computing capability and relatively low opening
Pin cost.
(3) by the hashed value of the skill replacing notification message of Cuckoo filter and binary search in the present invention, retrieve
Effective and invalid signature so that message overhead significantly reduces, improves the efficiency of Qualify Phase.
Accompanying drawing explanation
Fig. 1 is the system structure schematic diagram of the present invention;
Fig. 2 is the FB(flow block) of the present invention;
Fig. 3 is the schematic flow sheet of testing vehicle register certification in the present invention;
Fig. 4 is message authentication process flow chart in the present invention;
Fig. 5 is the schematic flow sheet that in the present invention, group built by vehicle;
Fig. 6 is communication overhead comparison diagram in the present invention.
Detailed description of the invention
Below technical solution of the present invention is described in detail, but protection scope of the present invention is not limited to described enforcement
Example.
As it is shown in figure 1, a kind of based on Cuckoo filter the vehicular ad hoc network safety certifying method of the present invention is drawn
It is divided into 2 layers: top layer is whole nation trust authority TA, is connected with RSU by safe channel;Bottom has RSU and vehicle (or OBU) group
Becoming, the communication between them is based on DSRC (DSRC) agreement;TA is always on, credible, and never compromises, TA
Can uniquely confirm the true identity of vehicle;RSU is believable, for OBU, has higher computing capability.
As in figure 2 it is shown, a kind of based on Cuckoo filter the vehicular ad hoc network safety certifying method of the present invention is altogether
Have two steps, respectively: (1) is the authentication of (V2I) between vehicle and infrastructure, this step include system initialization,
Shake hands for the first time, information signature and message authentication Four processes;(2) authentication of (V2V) between vehicle and vehicle, this step bag
Include group cipher generation, group's information signature and three processes of group's message authentication.
Authentication procedures between vehicle and infrastructure is as it is shown on figure 3, vehicle passes through RSU by true identity and mouth
What the ciphertext of order was safe is sent to TA;By TA respectively between RSU and vehicle, between TA and vehicle, set up shared secret.This
In embodiment, it is embodied as step as follows:
(1) in system initialisation phase, all vehicles and RSU can obtain the open parameter of the system that produced by TA (P, p, q,
E,G,h1,h2,PPub);
(2) vehicle Vi, i ∈ 1,2,3 ..., when n} enters the communication range of certain RSU for the first time, vehicle is wanted to be obtained by RSU
Obtain the predistribution of TA, first with the private key of selfRID and PWD is signedThen TA is utilized
PKI PKTAAbove-mentioned data are encrypted, produce ciphertextCar
By RSU this ciphertext safety is sent to TA;
(3) RSU is only responsible for middle transmission, and TA utilizes private key SKTADeciphering, and utilize the PKI of vehicleTest
Card;TA randomly selects a ti, as a shared secret between vehicle;TA calculates verification public key
TA randomly selects number mi, as RSU and vehicle ViBetween shared secret;TA utilizes the PKI of vehicle and the PKI of RSU
PKRAbove-mentioned data are encrypted generation ciphertextWithTA is by array (RID, ti,mi) carry out corresponding storage;Then by ciphertext Y
RSU is sent to by safety chain with Z;
(4) RSU receives ciphertext Y and Z, utilizes own private key SKRCiphertext Z is decrypted, it is thus achieved that verification public key VPKi、
Share parameter miAnd signatureThe PKI utilizing TA is authenticated, after certification is passed through, and corresponding storage (VPKi,
mi), and ciphertext Y is transmitted to vehicle Vi;
(5)ViAfter receiving Y, utilizeCiphertext Y is decrypted, it is thus achieved that s, VPKi,(s,VPKi) and mi,After being verified, utilizeCalculate and obtain ti;Then ViStorage (VPKi,s,mi,ti)。
As shown in Figure 4, RSU receives the signature information of vehicle to the idiographic flow of message authentication;RSU checking signature and message
Whether cryptographic Hash is in positive and negative filter;RSU checking current time is stabbed in the range of transmission delay;RSU checks PKI and shares
Key is in storage list;The integrity of RSU certification message and information source.In the present embodiment, it is embodied as step as follows:
(1) RSU receives range of information (IDi,Mi,σi,Ti), i ∈ (1,2,3 ..., n), wherein, IDiIt is hideing of vehicle
Name;MiIt is the vehicle message received, σiIt is the signature of this message, TiIt it is current time stamp;
(2) RSU first checks for current time stamp Ti.Assuming that the time T receivedRSU, △ T is predefined acceptable biography
Defeated delay.If △ were T >=TRSU-TiSet up, enter next step, be false on the contrary, just signature is directly abandoned;
(3) if the data signed in Cuckoo filter, RSU has only to the cryptographic Hash of checking signature and message and is
No in positive and negative filter, i.e. can determine whether to sign the most effective, if now filter be empty or be updated to sky it is necessary to
Enter next step;
(4) RSU needs to go to verify vehicle ViPKI VPKiWith shared key mi, check (the VPK of storagei,mi) the fullest
Foot equationIf equation is set up enters next step, if be false, just signature is stored in
In negative filter;
(5) RSU randomly chooses vector v={ v1,v2,...vn, v hereiBe one [1,2tLittle random finger in the range of]
Number, t is a integer the least, and RSU carries out batch certification to the signature in above-mentioned message, if following batch of certification equation becomes
Vertical, illustrate that this message is complete, the sender of message is also legal, legal signature is stored in positive filter simultaneously
In, illegal signature is carried out to next step binary search batch processing.
Vehicle builds the detailed process of group as it is shown in figure 5, in the present embodiment, be embodied as step as follows:
(1) group's request: vehicle ViInitiate group's request, by message Mi={ GPREQ, ID1,...IDi-1,IDi+1,...,IDn}
With corresponding signatureIt is sent to RSU, and broadcasts its message;
(2) group agrees to: any vehicle VjReceive vehicle ViRequest message, whether first check for the assumed name of oneself at it
In;If, then vehicle VjTransmission is receiveed the response Mj={ GPAGR, IDj};Same, utilize the side during information signature
Above-mentioned message is signed by formulaAnd signature is sent to RSU;
(3) group criticizes after certification: RSU receives above-mentioned signature, and this approval and sign name carries out batch certification;To any vehicle VxLabel
Name is effective;RSU is the most public and private key of this all living creatures to TA request;TA chooses random number rr, calculates group's private key CGS=s × rr;
TA utilizes mx, generate group PKI GPKx=mxP;This group of private keys are encrypted by TA, obtain ciphertextAnd be sent to
RSU;RSU broadcastAnd signature disappears
Breath
(4) group sets up: vehicle receives above-mentioned message and signature, after certification is passed through, it is thus achieved that the group private key CGS of self;Because
Group's private key utilizes shared key to encrypt, so only member can decipher in group.
As shown in Figure 6, illustrating to calculate the message of BVMM (bulk messages checking) varying number of cost, the present invention is more
Effectively with SPECS and b-SPECS+ in the quantity of BVMM stage different messages compared with.Wherein, SPECS and b-SPECS+ is
Operation based on Bilinear Pairing, the present invention is based on the operation joined without bilinearity on elliptic curve (ECC), is embodied as meter
Calculation comparison step is as follows:
For convenience's sake, we to define some semiology analysis times as follows.
Tbp≈ 4.2110: be the execution time of a Bilinear Pairing operation.
Tbp·m≈ 1.7090: be the execution time of a scalar multiplication relating to Bilinear Pairing operation.
Tbp·sm≈ 0.0535: be the execution time of a small-scale multiplication operation relating to Bilinear Pairing operation.
Tbp·a≈ 0.0071: be the execution time of a some add operation relating to Bilinear Pairing operation.
TH≈ 4.406: be the execution time of a hash-to-point operation relating to Bilinear Pairing.
Te·m≈ 0.4420: be the execution time of a scalar multiplication relating to ECC operation.
Te·sm≈ 0.0138: be the execution time of a small-scale multiplication operation relating to ECC operation.
Te·a≈ 0.0018: be the execution time of a some add operation relating to ECC operation.
Th≈ 0.0001: be the execution time of an one-way Hash function operation.
AIDM: represent that anonymous Identity generates and information signature;SVOM: represent single information authentication;BVMM: represent that batch disappears
Breath checking;GAIDM: represent that group's anonymous Identity generates and information signature;GMV: represent group's information authentication.
In the present invention, the AIDM stage uses and relates to two scalar multiplications operation of ECC operation and two one-way Hash function
Operation, so the execution time of this step be: 2Te·m+2Th≈0.8842ms。
The SVOM stage uses two the scalar multiplication operations relating to ECC operation, an add operation and a unidirectional Kazakhstan
Wish the operation of function, so the execution time of this step is: 2Te·m+1Te·a+1Th≈0.8859ms。
The BVMM stage uses two scalar multiplications operation relating to ECC operation, the operation of (n) individual small-scale multiplication with, (n)
The operation of individual add operation and (n) individual one-way Hash function, thus the execution time of this step be: 2Te·m+nTe·sm+nTe·a+
nTh≈(0.0157n+0.884)ms。
The GAIDM stage uses two scalar multiplication operations and the operation of two one-way Hash function relating to ECC operation
So the execution time of this step is: 2Te·m+2Th≈0.8842ms。
The GMV stage uses two the scalar multiplication operations relating to ECC operation, an add operation and an one-way hash function
The operation of function, thus the execution time of this step be: 2Te·m+1Tea+1Th≈0.8859ms。
Analyze through above, it can be deduced that such as the calculating cost comparing result of table 2.
Table 2 calculates Cost comparisons's table
Claims (10)
1. a vehicular ad hoc network safety certifying method based on Cuckoo filter, it is characterised in that: comprise following step
Rapid:
(1) authentication procedures between vehicle and the infrastructure of VANETs based on Cuckoo filter is followed successively by: system
Initialize, shake hands for the first time, information signature and message authentication;
(2) authentication procedures between vehicle and the vehicle of VANETs based on Cuckoo filter is followed successively by: group cipher is raw
One-tenth, group's information signature and group's message authentication.
Vehicular ad hoc network safety certifying method based on Cuckoo filter the most according to claim 1, its feature
It is: the system initialization process in described step (1) comprises the following steps:
1) systematic parameter generation phase: TA initializes systematic parameter, calculates system PKI, and TA is trust authority, and detailed process is retouched
State as follows:
According to given nonsingular elliptic curve (P, p, q, G, E), TA selects a random numberAs system master key, and
Calculate PPub=s P is as system PKI;
2) vehicle true identity and password pre-allocation stage, detailed process is described as follows:
When vehicle first enters into network, TA is each vehicle distribution true identity RID and equipment password PWD;
3) common parameter launch phase: the entity in VANETs obtains public system parameter, it is thus achieved that system PKI;Detailed process is retouched
State as follows:
Systematic parameter (P, p, q, E, G, h1,h2,PPub) each entity of being published in network, wherein, two safe one-way hash functions
Function,Vehicle and RSU can obtain.
Vehicular ad hoc network safety certifying method based on Cuckoo filter the most according to claim 1, its feature
It is, in the authentication procedures between described vehicle and infrastructure, is respectively between RSU and vehicle by TA, TA and car
Shared secret is set up between;TA calculates and verification public keyVehicle is that each session uses different anonymities
Identity protects the privacy of oneself;The RSU with efficient computing capability is utilized to assist the message authentication of vehicle;By Cuckoo mistake
The hashed value of notification message changed by filter, retrieves signature the most effective;Searched in batch signature by binary search technology
Invalid signature;When disputable generation, trust authority TA can uniquely trace back to the true identity of vehicle;
The detailed process of described message authentication is followed successively by: RSU receives the signature information of vehicle;RSU checking current time stamp exists
In the range of transmission delay;By signature existing in Cuckoo filter and the cryptographic Hash of message, it is judged that sign the most legal;
RSU checks that PKI and shared key are in storage list;The integrity of RSU certification message and information source.
Vehicular ad hoc network safety certifying method based on Cuckoo filter the most according to claim 3, its feature
Being, the detailed process of the information signature of described RSU is as follows:
1) vehicle ViFirst calculate assumed name IDi=(IDi1,IDi2), its computing formula is as follows, IDi1=ri·Ppub,Wherein riIt it is a random number;
2) above-mentioned generation ID is utilizedi1And IDi2To message MiSigning, its concrete signature formula is as follows,
Wherein h () is one-way safety hash function, TiThe current time stamp sent for message, miIt is that TA is RSU and vehicle is set up
Shared key, σiIt is the signature of this message, after having signed, vehicle ViBroadcast (IDi,Mi,σi,Ti)。
Vehicular ad hoc network safety certifying method based on Cuckoo filter the most according to claim 3, its feature
Being, the detailed process of the message authentication of described RSU is as follows:
1) RSU receives range of information (IDi,Mi,σi,Ti), i ∈ (1,2,3 ..., n), wherein, IDiIt it is the anonymity of vehicle;Mi
It is the vehicle message received, σiIt is the signature of this message, TiIt it is current time stamp;
2) RSU first checks for current time stamp Ti, it is assumed that the time T receivedRSU, △ T is predefined acceptable transmission delay,
If △ were T >=TRSU-TiSet up, enter next step, be false on the contrary, just signature is directly abandoned;
3) if the data signed in Cuckoo filter, whether RSU has only to the cryptographic Hash of checking signature and message and exists
In positive and negative filter, i.e. can determine whether to sign the most effectively, if now filter is empty or has been updated to sky it is necessary to enter
Next step;
4) RSU needs to go to verify vehicle ViPKI VPKiWith shared key mi, check (the VPK of storagei,mi) whether meet equationIf equation is set up enters next step, if be false, just signature is stored in negative filtration
In device;
5) RSU randomly chooses vector v={ v1,v2,...vn, v hereiBe one [1,2tLittle Stochastic in the range of], t is
One integer the least, RSU carries out batch certification to the signature in above-mentioned message, if following batch of certification equation (1) is set up, says
This message bright is complete, and the sender of message is also legal, legal signature is stored in positive filter simultaneously, right
Binary search batch processing is carried out in illegal signature;
Vehicular ad hoc network safety certifying method based on Cuckoo filter the most according to claim 5, its feature
Being: in the message authentication of described RSU, by the hashed value of Cuckoo filter replacement notification message, retrieving signature is
No effectively;It is as follows that effective and invalid information signature is put into the detailed process in positive filter and negative filter by RSU respectively:
1) Cuckoo filter storage signature sigmaiWith message MiCryptographic Hash f=Fingerprint (x), the i.e. fingerprint being mapped to
Wherein x=(IDi1||Mi);
2) Cuckoo filter is each data item x by hash scheme, and the index calculating two candidate bucket is as follows:
i1=hash (x) mod M
Wherein M is the barrelage mesh upper limit;
3) if candidate bucket has one to be empty, then fingerprint is stored in free bucket, if two candidate bucket all do not have space,
A candidate bucket, mobile off-the-shelf item can only be selected, reinsert candidate bucket to this project, wherein i1And i2Refer to two respectively
Candidate bucket.
Vehicular ad hoc network safety certifying method based on Cuckoo filter the most according to claim 5, its feature
It is, in the message authentication of described RSU, searches the invalid signature i.e. binary search in batch signature by binary search technology
The detailed process of batch processing is as follows:
1) a collection of signature sigma to be verified1,σ2,...σnThere is n;
2) intermediate point of n signature is found out
3) carry out batch at first half and latter half to verify, in the event of invalid signature, continue process above,
Repeat binary search.
Vehicular ad hoc network safety certifying method based on Cuckoo filter the most according to claim 1, its feature
Being, the group cipher in described step (2) generates process and comprises the following steps:
1) group's request: vehicle ViInitiate group's request, request message and corresponding signature have been sent to RSU, and ask RSU to broadcast
Message;
2) group agrees to: any vehicle VjReceive vehicle ViRequest message, first check for the assumed name of oneself the most wherein, as
Fruit exists, then vehicle VjTransmission is receiveed the response Mj={ GPAGR, IDj, and the signature of oneself is sent to RSU;
3) group criticizes after certification: RSU receives above-mentioned signature, and this approval and sign name carries out batch certification;At this point for any vehicle VxLabel
Name is effective;RSU is the most public and private key of this all living creatures to TA request;This group cipher is encrypted and is sent to RSU by TA;RSU is wide
Broadcast message and signature information;
4) group sets up: vehicle receives above-mentioned message and signature, after certification is passed through, it is thus achieved that the group private key CGS of self;Group's private key is profit
With shared key encryption, so only member can decipher in group.
Vehicular ad hoc network safety certifying method based on Cuckoo filter the most according to claim 8, its feature
Being, during described group cipher generates, the detailed process that group criticizes certification is as follows:
1) RSU is the most public and private key of this all living creatures to TA request;
2) TA chooses random number rr, calculates group's private key CGS=s × rr;TA utilizes mx, generate group PKI GPKx=mxP;
3) this group of private keys are encrypted by TAIt is sent to RSU;
4) RSU broadcastAnd signature disappears
Breath
Vehicular ad hoc network safety certifying method based on Cuckoo filter the most according to claim 1, its feature
Being, group's information signature and group's message authentication process in described step (2) comprise the following steps:
1) group's information signature: as vehicle ViWhen sending group's message, need message is signed, group's message label here
Name is with above-mentioned information signature process;Vehicle ViTo message MiSign, produce signature sigmaiThe most above-mentioned information signature of particular content
Described in process;Vehicle is by message { IDi,ENCCGS(GPKi||IDi),Mi,σiBe broadcasted;
2) group's message authentication: after receiving above-mentioned message, in group, member is to from vehicle ViMessage MiIn signature sigmaiRecognize
Card;First, vehicle is by judging △ T >=TRSU-TiWhether set up, set up and then carry out next step;Here △ T is default
Acceptable transmission delay, TRSUFor receiving the vehicle receiver time to message;
3) vehicle passes through group's private key to ENCCGS(GPKi||IDi) be decrypted, it is thus achieved that GPKiAnd IDi, by receive before comparison
MrDetermine whether member in group;If it is determined that this member is member in group, then verifying message, checking formula is:
σiPpub=IDi1+h2(IDi||Mi||Ti)GPKi。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610571676.5A CN105959117B (en) | 2016-07-19 | 2016-07-19 | Vehicular ad hoc network safety certifying method based on Cuckoo filter |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610571676.5A CN105959117B (en) | 2016-07-19 | 2016-07-19 | Vehicular ad hoc network safety certifying method based on Cuckoo filter |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105959117A true CN105959117A (en) | 2016-09-21 |
CN105959117B CN105959117B (en) | 2019-03-29 |
Family
ID=56900318
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610571676.5A Active CN105959117B (en) | 2016-07-19 | 2016-07-19 | Vehicular ad hoc network safety certifying method based on Cuckoo filter |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105959117B (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106452762A (en) * | 2016-11-25 | 2017-02-22 | 东南大学 | Identity-based high-efficiency data transmission method in vehicular ad hoc network |
CN107425974A (en) * | 2017-05-18 | 2017-12-01 | 西安电子科技大学 | The Hardware Implementation of KP computings on a kind of FourQ elliptic curves |
CN107634837A (en) * | 2017-11-01 | 2018-01-26 | 安徽大学 | The efficient message authentication method of car networking based on edge calculations |
CN107896369A (en) * | 2017-10-25 | 2018-04-10 | 重庆邮电大学 | A kind of message efficient devolved authentication method based on mobile vehicle ad-hoc network |
CN107908713A (en) * | 2017-11-10 | 2018-04-13 | 南京邮电大学 | A kind of distributed dynamic cuckoo filtration system and its filter method based on Redis clusters |
CN107947932A (en) * | 2018-01-09 | 2018-04-20 | 重庆邮电大学 | The vehicular ad hoc network authentication method without certificate signature based on non-bilinear map |
CN107979840A (en) * | 2018-01-23 | 2018-05-01 | 重庆邮电大学 | A kind of the car networking V2I Verification Systems and method of Key-insulated safety |
CN108668258A (en) * | 2018-05-09 | 2018-10-16 | 中国信息通信研究院 | V2X communicates quick identity authorization system and method |
CN109327437A (en) * | 2018-09-29 | 2019-02-12 | 深圳市多易得信息技术股份有限公司 | Concurrent websocket business information processing method and server-side |
CN110222088A (en) * | 2019-05-20 | 2019-09-10 | 华中科技大学 | Data approximation set representation method and system based on insertion position selection |
CN110971397A (en) * | 2018-09-28 | 2020-04-07 | 华为技术有限公司 | Communication method, communication device, server and system |
CN113239260A (en) * | 2021-05-18 | 2021-08-10 | 中南大学 | Multi-attribute outsourcing data query and verification method based on cuckoo filter |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102740286A (en) * | 2012-05-23 | 2012-10-17 | 杨涛 | Floating vehicle-based traceability vehicle self-networking communication privacy protection method |
CN102904896A (en) * | 2012-10-23 | 2013-01-30 | 大连理工大学 | Anonymous authentication scheme under vehicular ad hoc network based on biometric encryption technology |
CN104394000A (en) * | 2014-12-11 | 2015-03-04 | 江苏大学 | Batched certification method based on pseudonym verification public key in vehicle-mounted network |
CN104753680A (en) * | 2015-03-26 | 2015-07-01 | 北京航空航天大学 | Privacy protection and authentication method in vehicle-mounted self-organizing network |
CN105656634A (en) * | 2016-01-12 | 2016-06-08 | 上海第二工业大学 | Privacy protection batch authentication method without pairing operation in vehicular ad hoc network |
CN105763558A (en) * | 2016-01-20 | 2016-07-13 | 华东师范大学 | Distributed aggregation authentication method having privacy protection function for vehicle-mounted self-organizing network |
-
2016
- 2016-07-19 CN CN201610571676.5A patent/CN105959117B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102740286A (en) * | 2012-05-23 | 2012-10-17 | 杨涛 | Floating vehicle-based traceability vehicle self-networking communication privacy protection method |
CN102904896A (en) * | 2012-10-23 | 2013-01-30 | 大连理工大学 | Anonymous authentication scheme under vehicular ad hoc network based on biometric encryption technology |
CN104394000A (en) * | 2014-12-11 | 2015-03-04 | 江苏大学 | Batched certification method based on pseudonym verification public key in vehicle-mounted network |
CN104753680A (en) * | 2015-03-26 | 2015-07-01 | 北京航空航天大学 | Privacy protection and authentication method in vehicle-mounted self-organizing network |
CN105656634A (en) * | 2016-01-12 | 2016-06-08 | 上海第二工业大学 | Privacy protection batch authentication method without pairing operation in vehicular ad hoc network |
CN105763558A (en) * | 2016-01-20 | 2016-07-13 | 华东师范大学 | Distributed aggregation authentication method having privacy protection function for vehicle-mounted self-organizing network |
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106452762B (en) * | 2016-11-25 | 2019-07-26 | 东南大学 | A kind of efficient data transfer method of identity-based in vehicular ad hoc network |
CN106452762A (en) * | 2016-11-25 | 2017-02-22 | 东南大学 | Identity-based high-efficiency data transmission method in vehicular ad hoc network |
CN107425974A (en) * | 2017-05-18 | 2017-12-01 | 西安电子科技大学 | The Hardware Implementation of KP computings on a kind of FourQ elliptic curves |
CN107425974B (en) * | 2017-05-18 | 2021-03-23 | 西安电子科技大学 | Hardware implementation method for KP operation on Fourier elliptic curve |
CN107896369A (en) * | 2017-10-25 | 2018-04-10 | 重庆邮电大学 | A kind of message efficient devolved authentication method based on mobile vehicle ad-hoc network |
CN107634837A (en) * | 2017-11-01 | 2018-01-26 | 安徽大学 | The efficient message authentication method of car networking based on edge calculations |
CN107634837B (en) * | 2017-11-01 | 2020-09-01 | 安徽大学 | Internet of vehicles message authentication method based on edge calculation |
CN107908713A (en) * | 2017-11-10 | 2018-04-13 | 南京邮电大学 | A kind of distributed dynamic cuckoo filtration system and its filter method based on Redis clusters |
CN107908713B (en) * | 2017-11-10 | 2022-01-11 | 南京邮电大学 | Distributed dynamic rhododendron filtering system based on Redis cluster and filtering method thereof |
CN107947932A (en) * | 2018-01-09 | 2018-04-20 | 重庆邮电大学 | The vehicular ad hoc network authentication method without certificate signature based on non-bilinear map |
CN107947932B (en) * | 2018-01-09 | 2020-09-01 | 重庆邮电大学 | Vehicle ad hoc network authentication method based on non-bilinear mapping certificateless signature |
CN107979840B (en) * | 2018-01-23 | 2021-02-09 | 重庆邮电大学 | Internet of vehicles V2I authentication system and method with key isolation safety |
CN107979840A (en) * | 2018-01-23 | 2018-05-01 | 重庆邮电大学 | A kind of the car networking V2I Verification Systems and method of Key-insulated safety |
CN108668258A (en) * | 2018-05-09 | 2018-10-16 | 中国信息通信研究院 | V2X communicates quick identity authorization system and method |
CN110971397A (en) * | 2018-09-28 | 2020-04-07 | 华为技术有限公司 | Communication method, communication device, server and system |
CN109327437A (en) * | 2018-09-29 | 2019-02-12 | 深圳市多易得信息技术股份有限公司 | Concurrent websocket business information processing method and server-side |
CN110222088A (en) * | 2019-05-20 | 2019-09-10 | 华中科技大学 | Data approximation set representation method and system based on insertion position selection |
CN110222088B (en) * | 2019-05-20 | 2021-08-31 | 华中科技大学 | Data approximate set representation method and system based on insertion position selection |
CN113239260A (en) * | 2021-05-18 | 2021-08-10 | 中南大学 | Multi-attribute outsourcing data query and verification method based on cuckoo filter |
CN113239260B (en) * | 2021-05-18 | 2022-04-29 | 中南大学 | Multi-attribute outsourcing data query and verification method based on cuckoo filter |
Also Published As
Publication number | Publication date |
---|---|
CN105959117B (en) | 2019-03-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105959117B (en) | Vehicular ad hoc network safety certifying method based on Cuckoo filter | |
CN104683112B (en) | A kind of car car safety communicating method that certification is assisted based on RSU | |
Li et al. | EPA-CPPA: An efficient, provably-secure and anonymous conditional privacy-preserving authentication scheme for vehicular ad hoc networks | |
CN105847235B (en) | The efficient anonymous batch of authentication method of identity-based under a kind of car networking environment | |
CN109067525B (en) | Message authentication method based on semi-trusted management center in Internet of vehicles | |
CN109005542B (en) | 5G Internet of vehicles rapid message authentication method based on reputation system | |
CN107979840B (en) | Internet of vehicles V2I authentication system and method with key isolation safety | |
CN107580006B (en) | Vehicular ad hoc network conditionity method for secret protection based on register list | |
CN104219663A (en) | A method and system for certificating vehicle identity | |
CN105577613B (en) | A kind of method of sending and receiving of key information, equipment and system | |
CN106209777A (en) | A kind of automatic driving car on-vehicle information interactive system and safety communicating method | |
CN104394000A (en) | Batched certification method based on pseudonym verification public key in vehicle-mounted network | |
CN110022542A (en) | A kind of anonymous authentication method of the modified based on condition secret protection | |
CN110166228B (en) | Privacy protection method based on certificate-free ring signcryption in vehicle-mounted self-organizing network | |
Othman et al. | Physically secure lightweight and privacy-preserving message authentication protocol for VANET in smart city | |
CN103281191A (en) | Method and system for communicating based on car networking | |
CN104010302A (en) | Vehicle-mounted self-organizing network traffic data trust evaluation method | |
CN110071797A (en) | The method of assumed name change car networking privacy-protection certification based on mixing context | |
Baee et al. | ALI: Anonymous lightweight inter-vehicle broadcast authentication with encryption | |
CN108933665B (en) | Method for applying lightweight V2I group communication authentication protocol in VANETs | |
CN113364598B (en) | Batch authentication method for privacy protection in Internet of vehicles environment | |
JP7187547B2 (en) | Securing out-of-vehicle communications using IBC | |
Wei et al. | On a group signature scheme supporting batch verification for vehicular networks | |
CN114389812B (en) | Internet of vehicles lightweight privacy protection batch authentication method based on PUF | |
CN115499119A (en) | PUF-based vehicle authentication method with privacy protection function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |